Bitdefender downloader.exe
Hello
I noticed there's an exe file in the Bitdefender Total Security 2017 folder which makes a connection to this IP: 93.184.221.133 on port 80.
It looks like the Bitdefender update downloader, but:
https://otx.alienvault.com/indicator/ip/93.184.221.133/
https://www.virustotal.com/en/ip-address/93.184.221.133/information/
https://www.mcafee.com/threat-intelligence/ip/default.aspx?ip=93.84.221.133&%3Bregion=us
Can any users/mods confirm this is a legit file and IP for downloading updates?
Just wanna make sure you know ...
MD5: 0EA1F32ACAD1AF4E1CD2076DEC7A859A
SHA-1: 1917FC73F4153346B593355FBE4B93255CFB9969
Bitdefender Total Security 2017
Build: 21.0.23.1101
Virus signature: 8419313
Engine version: 7.69760
Win 8.1 Pro
thank you
Comments
Quote
Look at the first and last seen dates. 2011, or 6 years ago. I wouldn't base any decisions or worries based on a 6 year old security report.
Quote
Doesn't look particularly suspicious. The "Latest detected files that communicate with this IP address" section only looks scary because the majority of those are fake programs pretending to be real programs. If you click on one of the hashes and then go to the "behavioural analysis" tab you'll see why it accessed that IP. For example a few show as " update.iobit.com (93.184.221.133) ", which is a well regarded system tool.
The "Latest detected URLs" mostly show only 1 detection out of X scanners. That isn't enough to tell if something is infected; you normally want at least 25% or more to detect to convince me something is malicious. Also, the last detected URL was February last year, nothing in recent times.
Another appears to be " cdn3.cpmstar.com (93.184.221.133) ", which is an advertising network. Advertising networks often have malicious code/data injected into them by malware, which is one of the reasons adblock is recommended.
Based on the various URLs and other details I would guess the IP is some sort of CDN (Content Delivery Network) used by multiple systems, one that hosts many files so trojans and malware use it to download legitimate files to try to pretend to be not-fake.
To back this up, whois shows the IP is owned by Edgecast, a Content Delivery Network.
Quote
% Abuse contact for '93.184.220.0 - 93.184.223.255' is 'abuse@edgecast.com'
netname: EDGECAST-NETBLK-03
descr: NETBLK-03-EU-93-184-220-0-22
Quote
Can't see anything on there that would indicate anything to worry about, other than a red box in the "email" column?
--
And finally:
Here is the report for the file you uploaded to VirusTotal. Looks clean.
Your file also passes the certificate check (right click on the .exe in Windows Explorer, choose "Properties" then "Digital Signatures") and has valid digital signatures.
Quote
Verified: Signed
Signing date: 7:43 PM 28/09/2016
Publisher: Bitdefender SRL
Company: Bitdefender
Description: BitDefender Update Downloader
Product: Bitdefender Security
Prod version: 3.0.3.926 167166
File version: 3.0.3.926 167166
MachineType: 64-bit
You can also use SigCheck to do it, so you can be sure the file hasn't been modified/infected (unless you have a rootkit intercepting those checks).
--
Based on this, I think the file is safe.
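The same checks the reply describes (hashes against the values quoted in the thread, plus the Authenticode signature and its publisher) can be scripted so the result is repeatable. This is an added example, not code from the forum post or from Bitdefender; the file path is an assumption, and the expected hashes and publisher name are the ones quoted above.

```powershell
# Added example (not from the forum post): verify an executable's Authenticode
# signature and compare its hashes with the values quoted in the thread.
# The path below is an assumption; point it at the downloader on your system.
$Path = 'C:\Program Files\Bitdefender\Bitdefender 2017\downloader.exe'   # hypothetical path
$ExpectedMd5    = '0EA1F32ACAD1AF4E1CD2076DEC7A859A'                     # quoted in the thread
$ExpectedSha1   = '1917FC73F4153346B593355FBE4B93255CFB9969'             # quoted in the thread
$ExpectedSigner = 'Bitdefender SRL'                                       # publisher shown by the signature check

function Test-UpdaterBinary {
    param([string]$FilePath, [string]$Md5, [string]$Sha1, [string]$Signer)

    if (-not (Test-Path $FilePath)) { throw "File not found: $FilePath" }

    # 1. Hashes: do they match what the original poster submitted to VirusTotal?
    #    Get-FileHash returns uppercase hex, so normalise the expected values too.
    $md5Ok  = (Get-FileHash -Path $FilePath -Algorithm MD5).Hash  -eq $Md5.ToUpper()
    $sha1Ok = (Get-FileHash -Path $FilePath -Algorithm SHA1).Hash -eq $Sha1.ToUpper()

    # 2. Authenticode: the scripted form of Properties > Digital Signatures.
    #    'Valid' means the chain verifies and the bytes were not changed after
    #    signing; 'HashMismatch' means the file was modified; 'NotSigned' is obvious.
    $sig   = Get-AuthenticodeSignature -FilePath $FilePath
    $sigOk = $sig.Status -eq 'Valid'

    # 3. A valid signature from the wrong publisher is still a red flag,
    #    so check the subject of the signing certificate as well.
    $subject  = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
    $signerOk = $subject -match [regex]::Escape($Signer)

    [pscustomobject]@{
        File        = $FilePath
        Md5Match    = $md5Ok
        Sha1Match   = $sha1Ok
        Signature   = $sig.Status
        Signer      = $subject
        SignerMatch = $signerOk
        Verdict     = if ($md5Ok -and $sha1Ok -and $sigOk -and $signerOk) { 'PASS' } else { 'CHECK' }
    }
}

Test-UpdaterBinary -FilePath $Path -Md5 $ExpectedMd5 -Sha1 $ExpectedSha1 -Signer $ExpectedSigner | Format-List
```

A hash mismatch on its own only means a different build of the downloader than the one hashed in the thread; it is the combination of a non-Valid signature status or an unexpected signer that warrants a closer look.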